Re: [libvirt] [PATCH 08/10] apparmor: provide local override templates

2017-05-15 Thread Guido Günther 
On Mon, May 15, 2017 at 03:23:17PM +0200, Stefan Bader wrote:
> Local overrides is a feature Debian/Ubuntu libvirt provided for a while.
> This allows the user to have a non-conffile that he can use to extend the
> package delivered rules with extra content matching his special case.
> 
> This change provides override templates which the user can extend
> and modifies the makefile template to include those when installing
> the apparmor profiles.
> 
> Signed-off-by: Christian Ehrhardt 
> Signed-off-by: Stefan Bader 
> ---
>  examples/Makefile.am   | 14 ++
>  examples/apparmor/local-usr.lib.libvirt.virt-aa-helper |  2 ++
>  examples/apparmor/local-usr.sbin.libvirtd  |  2 ++
>  3 files changed, 18 insertions(+)
>  create mode 100644 examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
>  create mode 100644 examples/apparmor/local-usr.sbin.libvirtd
> 
> diff --git a/examples/Makefile.am b/examples/Makefile.am
> index 2956e14..16c7bf6 100644
> --- a/examples/Makefile.am
> +++ b/examples/Makefile.am
> @@ -25,6 +25,8 @@ EXTRA_DIST = \
>   apparmor/libvirt-lxc \
>   apparmor/usr.lib.libvirt.virt-aa-helper \
>   apparmor/usr.sbin.libvirtd \
> + apparmor/local-usr.sbin.libvirtd \
> + apparmor/local-usr.lib.libvirt.virt-aa-helper \
>   lxcconvert/virt-lxc-convert \
>   polkit/libvirt-acl.rules \
>   $(wildcard $(srcdir)/systemtap/*.stp) \
> @@ -74,6 +76,18 @@ apparmor_DATA = \
>   apparmor/usr.sbin.libvirtd \
>   $(NULL)
>  
> +localdir = $(apparmordir)/local
> +local_DATA = \
> + apparmor/local-usr.sbin.libvirtd \
> + apparmor/local-usr.lib.libvirt.virt-aa-helper \
> + $(NULL)
> +
> +install-data-hook:
> + mv $(DESTDIR)$(localdir)/local-usr.sbin.libvirtd \
> +$(DESTDIR)$(localdir)/usr.sbin.libvirtd
> + mv $(DESTDIR)$(localdir)/local-usr.lib.libvirt.virt-aa-helper \
> +$(DESTDIR)$(localdir)/usr.lib.libvirt.virt-aa-helper
> +
>  abstractionsdir = $(apparmordir)/abstractions
>  abstractions_DATA = \
>   apparmor/libvirt-qemu \
> diff --git a/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper 
> b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
> new file mode 100644
> index 000..82c9c39
> --- /dev/null
> +++ b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
> @@ -0,0 +1,2 @@
> +# Site-specific additions and overrides for usr.lib.libvirt.virt-aa-helper.
> +# For more details, please see /etc/apparmor.d/local/README.
> diff --git a/examples/apparmor/local-usr.sbin.libvirtd 
> b/examples/apparmor/local-usr.sbin.libvirtd
> new file mode 100644
> index 000..6e19f20
> --- /dev/null
> +++ b/examples/apparmor/local-usr.sbin.libvirtd
> @@ -0,0 +1,2 @@
> +# Site-specific additions and overrides for usr.sbin.libvirtd.
> +# For more details, please see /etc/apparmor.d/local/README.

I wonder if this is too much distro speifics? (We're shipping the same in
Debian). It should in any case be squashed into the previous commit.
Cheers,
 -- Guido

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH 08/10] apparmor: provide local override templates

2017-05-15 Thread Stefan Bader 
Local overrides is a feature Debian/Ubuntu libvirt provided for a while.
This allows the user to have a non-conffile that he can use to extend the
package delivered rules with extra content matching his special case.

This change provides override templates which the user can extend
and modifies the makefile template to include those when installing
the apparmor profiles.

Signed-off-by: Christian Ehrhardt 
Signed-off-by: Stefan Bader 
---
 examples/Makefile.am   | 14 ++
 examples/apparmor/local-usr.lib.libvirt.virt-aa-helper |  2 ++
 examples/apparmor/local-usr.sbin.libvirtd  |  2 ++
 3 files changed, 18 insertions(+)
 create mode 100644 examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
 create mode 100644 examples/apparmor/local-usr.sbin.libvirtd

diff --git a/examples/Makefile.am b/examples/Makefile.am
index 2956e14..16c7bf6 100644
--- a/examples/Makefile.am
+++ b/examples/Makefile.am
@@ -25,6 +25,8 @@ EXTRA_DIST = \
apparmor/libvirt-lxc \
apparmor/usr.lib.libvirt.virt-aa-helper \
apparmor/usr.sbin.libvirtd \
+   apparmor/local-usr.sbin.libvirtd \
+   apparmor/local-usr.lib.libvirt.virt-aa-helper \
lxcconvert/virt-lxc-convert \
polkit/libvirt-acl.rules \
$(wildcard $(srcdir)/systemtap/*.stp) \
@@ -74,6 +76,18 @@ apparmor_DATA = \
apparmor/usr.sbin.libvirtd \
$(NULL)
 
+localdir = $(apparmordir)/local
+local_DATA = \
+   apparmor/local-usr.sbin.libvirtd \
+   apparmor/local-usr.lib.libvirt.virt-aa-helper \
+   $(NULL)
+
+install-data-hook:
+   mv $(DESTDIR)$(localdir)/local-usr.sbin.libvirtd \
+  $(DESTDIR)$(localdir)/usr.sbin.libvirtd
+   mv $(DESTDIR)$(localdir)/local-usr.lib.libvirt.virt-aa-helper \
+  $(DESTDIR)$(localdir)/usr.lib.libvirt.virt-aa-helper
+
 abstractionsdir = $(apparmordir)/abstractions
 abstractions_DATA = \
apparmor/libvirt-qemu \
diff --git a/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper 
b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
new file mode 100644
index 000..82c9c39
--- /dev/null
+++ b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper
@@ -0,0 +1,2 @@
+# Site-specific additions and overrides for usr.lib.libvirt.virt-aa-helper.
+# For more details, please see /etc/apparmor.d/local/README.
diff --git a/examples/apparmor/local-usr.sbin.libvirtd 
b/examples/apparmor/local-usr.sbin.libvirtd
new file mode 100644
index 000..6e19f20
--- /dev/null
+++ b/examples/apparmor/local-usr.sbin.libvirtd
@@ -0,0 +1,2 @@
+# Site-specific additions and overrides for usr.sbin.libvirtd.
+# For more details, please see /etc/apparmor.d/local/README.
-- 
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list